Posted by: David Harley | October 25, 2016

More recent news

So, just one day after suggesting that I’m cutting back on notifications to this site…

Apple News

And on the Android front…

David Harley


Posted by: David Harley | October 24, 2016

Slowdown and Catch-Up

You may have noticed that nothing has been posted here since August 2016. This isn’t, as it happens, because there have been no issues in the world of Apple or Android security (there have!), but simply because I no longer work full-time, and I’m having to prioritize other work. I’ll still try to flag really important or interesting stuff here, but don’t expect too much, too often, or too promptly…

Here are one or two issues that have cropped up in the last month or two that caught my eye:

David Harley
ESET Senior Research Fellow

Posted by: David Harley | August 30, 2016

AV-Test looks at Android parental control apps

Here are the results of a recent test by AV-Test asking (and answering) the question ‘Is security software for Android with parental control functions sufficient to protect our children or is it better to have a special parental control app?’

Test: Parental Control Apps for Android

David Harley
ESET Senior Research Fellow 
(This isn’t an ESET blog, but since ESET did well in the test I guess I should point out that I work with ESET as a consultant, though I have nothing to do with their marketing or product development.)

Posted by: David Harley | August 30, 2016

OSX/Keydnap spread via Transmission app

ESET researchers say:

‘During the last hours, OSX/Keydnap was distributed on a trusted website, which turned out to be “something else”. It spread via a recompiled version of the otherwise legitimate open source BitTorrent client application Transmission and distributed on their official website.’

OSX/Keydnap spreads via signed Transmission application

Posted by: David Harley | August 28, 2016

Google: easier access to content on mobile

Google: Helping users easily access content on mobile

Google takes two approaches, the latter maybe more security-related.

  • One relates to the removal of the mobile-friendly label, since most sites now meet that criterion, so the removal is seen as reducing clutter.
  • The other introduces measures to reduce the impact of intrusive pop-ups and standalone interstitials that obscure the content.

Commentary from the BBC here. (HT to BPB)

David Harley

Posted by: David Harley | August 19, 2016

AV-Test on Android security apps

Davey Winder asks some interesting questions about AV-Test’s latest test of Android security apps. Is Android as easy to secure as the latest AV-TEST results appear to suggest?

A number of people, including ESET’s Mark James, attempt to answer those questions, but unfortunately the article boils them down to soundbites. Maybe I’ll come back to this one on the Anti-Malware Testing blog (where this short pointer article is also posted).

David Harley
ESET Senior Research Fellow

Posted by: David Harley | August 19, 2016

Marcher Trojan Impersonating Android Update

David Bisson for Graham Cluley’s blog on Marcher Trojan impersonating Android update: New firmware update? No, it’s the devious Marcher Android trojan up to no good – Android-based malware comes with new tricks, bells, and whistles.

Based on ZScaler research: Android Marcher: Continuously Evolving Mobile Malware.

Weird: the Cluley blog shows a toy soldier, where my first thought when I see the word ‘Marcher’ is of the nobility that used to guard the Welsh border. Maybe I should retire and write history books.

David Harley

Posted by: David Harley | August 19, 2016

Apteligent Evaluating Android

Apteligent report on ‘WHICH ANDROID MANUFACTURER PUSHES OS UPDATES THE FASTEST?’, Android device crash rates, device fragmentation…

Commentary by John Leyden for The Register: Two-speed Android update risk: Mobes face months-long wait – We need to outpace malware-flingers, securo folk warn

David Harley

Posted by: David Harley | August 10, 2016


Lengthy description/analysis of an interesting Android ransomware threat from McAfee: ‘Cat-Loving’ Mobile Ransomware Operates With Control Panel.

I look forward to hearing commentary from Grumpy Cat. There is, however, no truth in rumours of a German language version known as BlackForestGato.

(Also posted to AVIEN, where I maintain a ransomware resource page.)

David Harley

Posted by: David Harley | August 5, 2016

Locking in iOS Jailbreakers

Paul Ducklin for Sophos: Apple rushes out iOS update, shuts out jailbreakers

Jailbreakers try to find and exploit iOS bugs, not to commit crimes but simply to liberate their iPhones from Apple’s “walled garden,” by which you are forced to shop at the App Store only […] As far as we know, no crooks were using Team Pangu’s hack, but a security hole is a security hole, leaving Apple little choice but to push out a patch.

David Harley
